summaryrefslogtreecommitdiffstats
path: root/installer
diff options
context:
space:
mode:
authorRamón M. Gómez <ramongomez@us.es>2019-02-07 12:04:07 +0100
committerRamón M. Gómez <ramongomez@us.es>2019-02-07 12:04:07 +0100
commit6bd2e1e7ba1bb7f9911d95a3a4ed688b0cae1e58 (patch)
tree36ad54ffd72042ad9b71fccc3575de3b79facc48 /installer
parentb0d5fb323802cac4ad5417e6c5fcfcab2e0d645d (diff)
#736: Installer script no longer disables firewall or SELinux, and recommends using {{{security-config}}} script.
Diffstat (limited to 'installer')
-rwxr-xr-xinstaller/opengnsys_installer.sh28
1 files changed, 4 insertions, 24 deletions
diff --git a/installer/opengnsys_installer.sh b/installer/opengnsys_installer.sh
index 87b06835..f559552c 100755
--- a/installer/opengnsys_installer.sh
+++ b/installer/opengnsys_installer.sh
@@ -145,7 +145,6 @@ OPENGNSYS_DB_CREATION_FILE=opengnsys/admin/Database/${OPENGNSYS_DATABASE}.sql
# - APACHEENABLEOG, APACHEOGSITE, - habilitar sitio web de OpenGnsys
# - PHPFPMSERV - servicio PHP FastCGI Process Manager para Apache
# - INETDSERV - servicio Inetd
-# - FIREWALLSERV - servicio de cortabuegos IPTables/FirewallD
# - DHCPSERV, DHCPCFGDIR - servicio y configuración de DHCP
# - MYSQLSERV, TMPMYCNF - servicio MySQL y fichero temporal con credenciales de acceso
# - MARIADBSERV - servicio MariaDB (sustituto de MySQL en algunas distribuciones)
@@ -232,11 +231,6 @@ case "$OSDISTRIB" in
APACHEREWRITEMOD="sed -i '/rewrite/s/^#//' $APACHECFGDIR/../*.conf"
DHCPSERV=dhcpd
DHCPCFGDIR=/etc/dhcp
- if firewall-cmd --state &>/dev/null; then
- FIREWALLSERV=firewalld
- else
- FIREWALLSERV=iptables
- fi
INETDSERV=xinetd
INETDCFGDIR=/etc/xinetd.d
MYSQLSERV=mysqld
@@ -268,13 +262,6 @@ local f
# Configuraciones específicas para Samba y TFTP en Debian 6.
[ -z "$SYSTEMD" -a ! -e /etc/init.d/$SAMBASERV ] && SAMBASERV=samba
[ ! -e $TFTPCFGDIR ] && TFTPCFGDIR=/srv/tftp
-
-# Configuraciones específicas para SELinux permisivo en distintas versiones.
-[ -f /selinux/enforce ] && echo 0 > /selinux/enforce
-for f in /etc/sysconfig/selinux /etc/selinux/config; do
- [ -f $f ] && perl -pi -e 's/SELINUX=enforcing/SELINUX=permissive/g' $f
-done
-selinuxenabled 2>/dev/null && setenforce 0 2>/dev/null
}
@@ -823,13 +810,7 @@ function downloadCode()
# Comprobar si existe conexión.
function checkNetworkConnection()
{
- echoAndLog "${FUNCNAME}(): Disabling Firewall: $FIREWALLSERV."
- if [ -n "$FIREWALLSERV" ]; then
- service=$FIREWALLSERV
- $STOPSERVICE; $DISABLESERVICE
- fi
-
- echoAndLog "${FUNCNAME}(): Checking OpenGnsys server conectivity."
+ echoAndLog "${FUNCNAME}(): Checking OpenGnsys server connectivity."
OPENGNSYS_SERVER=${OPENGNSYS_SERVER:-"opengnsys.es"}
if which wget &>/dev/null; then
wget --spider -q $OPENGNSYS_SERVER
@@ -1576,16 +1557,15 @@ function installationSummary()
echoAndLog "Installed ogLive client(s): $(oglivecli list | awk '{print $2}')"
echoAndLog "Samba configuration directory: $SAMBACFGDIR"
echoAndLog "Web Console URL: $OPENGNSYS_CONSOLEURL"
- echoAndLog "Web Console access data: specified in installer script"
+ echoAndLog "Web Console access data: entered by the user"
if grep -q "^RUN_BTTRACK.*no" /etc/default/opengnsys; then
echoAndLog "BitTorrent service is disabled."
fi
echo
echoAndLog "Post-Installation Instructions:"
echo "==============================="
- echoAndLog "Firewall service has been disabled and SELinux mode set to"
- echoAndLog " permissive during OpenGnsys installation. Please check"
- echoAndLog " ${FIREWALLSERV:-firewall} and SELinux configuration, if needed."
+ echoAndLog "You can improve server security by configuring firewall and SELinux,"
+ echoAndLog " running \"$INSTALL_TARGET/lib/security-config\" script as root."
echoAndLog "It's strongly recommended to synchronize this server with an NTP server."
echoAndLog "Review or edit all configuration files."
echoAndLog "Insert DHCP configuration data and restart service."